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© Method and apparatus for determining that a first 
unit of data associated with a first party has not been 
modified since a specified point in time. A method 
includes the steps of (a) providing the first unit of 
data and (b) generating a second unit of data from 
the first unit of data, the second unit of data being 
expressive of an information content of the first unit 
of data. The method further includes a step of (c) 
generating a time indication for specifying a point in 
time, the time indication being generated with time 
generation means (14) having a time is settable by a 
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second party other than the first party. That is. the 
time generation means is secured and cannot be 
altered or changed by the first party. The method 
further includes a step of (d) encrypting (16) the 
second unit of data and the generated time indica- 
tion to generate a third unit of data. The method 
includes as an additional step a step of (e) validating 
(20) the first unit of data to ensure that the first unit 
of data has not been modified since the specified 
point in time. 
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This invention relates generally to document 
validation method and apparatus and, in particular 
to method and apparatus for authenticating a docu- 
ment that is stored or transmitted in electronic form 
to ensure that the document has not been altered 
| S? d ~ 3 d3te ^ 3 *~ — with 

A conventional solution to associating a spe- 
cie date with a document is to provide the docu- 

Z T P l hySiCa ' f ° rmat and 40 "°fcri 2 e the 

document. The notarization serves to place the 
ex IS tence of the document in time, it being as 
sumed that it is relatively difficult to alter the nota- 
rized document without the alteration being detect- 
able. However, this conventional approach is gen- 

H naPPr ° Priate f ° r ° Se With electronically 
stored documents in that electronically stored doc- 
uments can, by their nature, be readily altered 
w.thout the alteration being detectable. For exam- 
ple, ,t ,s a relatively simple task to access a stored 
document to change numbers, dates, text and oth- 
er features of the document. The information re- 
garding the date of creation and/or last alteration of 
the document can also be modified easily 

As a result, one typical solution is to maintain 
the ongina physical document, or to convert an 
electronically stored document to a physical for- 
mat, and to notarize and store the physical docu- 

Td dJlT Ver, , thiS iS 3n 6Xpensive undertaking 
and defea s m large measure the advantages of 
electronically storing documents. 

One proposed solution is store a copy of the 
document on a Write Once Read Many (WORM) 
*pe of optical disk. This solution has the advan- 
m^ r 31 L hS document ' °"ce written, cannot be 
modified. However, this solution also requires a 
large number of disks for any reasonably sized 
application. The procurement and storage of such 

™5 15 ? P6nSive and furth e™ore Presents the 
problem of locating a desired document among a 
potentially large number of stored documents 

However, neither of the approaches of notariza- 
tion of a physical document or storage of a docu- 
ment on a write-only medium are totally fool proof 

SedT^' 3 n0tarization can °e forged or fal-' 
sified. the deceptron being difficult to detect espe- 
cially rf only the date is falsified. Furthermore in 
the wnte-only type of media solution a modified 
disk may be substituted for in original disk, thereby 
providing an opportunity to modify any documents 
so stored. 

The authentication of electronically stored doc- 
uments is achieving a greater significance in that it 
s becommg relatively common to exchange elec- 
tronically stored documents between parties to a 
Uansaction By example, using Electronic Docu- 
ment Interchange (EDI) many companies now ex- 
change purchase orders, invoices and similar docu- 



ments electronically. However, if a dispute arises 
as to what was transmitted as opposed to what was 
rece.ved it may be difficult to establish which ver- 
sion of a document is correct and/or has prece- 

S I" t,me - ^ 3 reSU,t ' many EDI factions 
having any monetary significance are normally con- 
firmed with physical documents to provide a paper 

tT^rr^ reducin9 documents * 3£ 

ro of eS ^ me3SUre *• ad ^ages 

It is known in the prior art to provide in an 
encrypted form certain data associated with a date 
and/br a tone For example, it is known to encrypt 

rs 2£ ' WhSrein 3 P 0 * 0 " of the "«*«*» * a 

" date and a tone. | t „ also known ,„ chec|< 

t?^ h 0n V 0 Pr ° Vide C6rtain '"taxation relating 
to the check in an encrypted form, this information 
yp.cal y including the date the check was issued 
n the first example of an encrypted postage indicia 
1 ° T' aUth ° rity " 6nabled to decryptme S 

SLTTT 0 " t0 V6rify ,hS Validity of » e Postage 
nd.c.a. In the second example a bank may decrypt 

? het * info ™ation to verify the au- 
thenticty of a check presented for payment. 

However, in neither of these examples is the 
date associated with the encrypted information a 
secure date". That is. in these examples the date 
inn y ^V e3di, r m0dified by the Party accomplish- 

the dat L P t r fH UmPtl0n th3t thS e " Cry P ted d ** is 
the date that the postage indicia was created or the 

check was issued, there is no effective method to 
verify that this is true. 

35 aim S T Ir, e nlo Ve H ti0n 3 f P***" 8 "* Closed herein 
35 aims to provide an electronic notarization apparatus 
and method for electronically stored or transmitted 
documents and other data; and to provide method 
i r Tf tUS f ° r authent icating a document or 
other electronically stored or transmitted data to 

2S£ ?/ he d ° CUment has not be °" altered 

. a d3te and 3 ,ime associated «* 

There is disclosed herein an embodiment of a 
cryptographic method and apparatus intended for 
authent.catmg a document stored or transmitted in 
elecfromc format, to ensure that both the date of 

SfirT ,a5t ^ °' a,teration and con- 
tents of the document have not been altered 

so tho i meth ° d accordln 0 to the invention includes 
so the steps of (a) providing the first unit of data and 
(b generating a second unit of data from the first 
un,t of data, the second unit of data being expres 

data T J?™ 0 ™**™ ° f ^ nrlZll 

data. The first unit of data may be any data that is 

*J* determining 7*1 

oSt^t l m0dified subs ^"t to a specified 
pant ,n me. By example, the first unit of date may 
be an electronically stored or transmitted docu- 
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ment, such as a purchase order, or a contract. The 
first unit of data may also be one or more records 
from a data base of records. The first unit of data 
may also be image data such as that obtained from 
a document scanner such as a facsimile device or 
a hand held scanner. The second unit of data may 
be generated from the first unit of data by a num- 
ber of suitable techniques including but not limited 
to CRC generation, parity generation, checksum 
generation and by variants and combinations there- 
of. 

The method further includes a step of (c) gen- 
erating a time indication for specifying a point in 
time, the time indication being generated with time 
generation means having a time modifiable only by 
a party other than the first party. That is, in accor- 
dance with the invention, the time generation 
means is secured and the time maintained thereby 
cannot be altered or changed by the first party. 
Preferably the time indication includes both a 
present date and a present time, such as time 
expressed in GMT. The method further includes a 
step of (d) encrypting the second unit of data and 
the time indication to generate a third unit of data. 
The step of encrypting may be accomplished by a 
number of suitable techniques including but not 
limited to public key encryption, private key en- 
cryption and variants and combinations thereof. 

The method includes an additional optional 
step of (e) validating the first unit of data to ensure 
that the first unit of data has not been modified 
subsequent to the specified point in time. In one 
embodiment of the invention the step (e) of validat- 
ing includes the steps of (f) providing the third unit 
of data, (g) decrypting the third unit of data to 
generate a fourth unit of data and also the pre- 
viously generated time indication therefrom, (h) 
providing a fifth unit of data proposed to be iden- 
tical to the first unit of data, (i) generating a sixth 
unit of data from the fifth unit of data, and (j) 
comparing the fourth unit of data with the sixth unit 
of data to determine if they are the same. 

The step (e) of validating, in another embodi- 
ment of the invention, may be accomplished by 
providing a fifth unit of data (f), the fifth unit of data 
purported to be identical to the first unit of data. 
The fifth unit of data is converted to a sixth unit of 
data (g*) by a procedure identical to that employed 
to create the second data unit. A time purported to 
be the time associated with the third data unit, 
such as the time of creation, is combined with the 
sixth data unit (IV) in a predetermined manner, 
such as by appending the time indication to the 
sixth data unit. Next, the sixth unit of data, includ- 
ing the purported time indication, is encrypted (i 1 ) 
using a same procedure as that employed to gen- 
erate the third data unit. The resulting data string 
representing the encrypted sixth data unit and pur- 



ported time is compared 0*) to the third data unit. A 

match indicates that the purported time is valid. 
The invention will be better understood from 

the following non-limiting description of examples 
5 thereof given with reference to the accompanying 

drawings in which:- 

Fig. 1 is a block diagram that illustrates an 
embodiment of data authentication apparatus 
that is constructed and operated in accordance 
io with the invention; 

Fig. 2 is a block diagram that illustrates an 
embodiment of data validation apparatus that is 
constructed and operated in accordance with the 
invention; 

75 Fig. 3 is a flow chart that illustrates steps of 
document authentication performed in accor- 
dance with the invention; 

Fig. 4a is a flow chart that illustrates steps of 
document validation performed in accordance 
20 with one embodiment of the invention; and 

Fig. 4b is a flow chart that illustrates steps of 
document validation performed in accordance 
with another embodiment of the invention. 
Referring first to Fig. 1 there is shown an 
25 electronic notary 10 including, in accordance with a 
presently preferred embodiment of the invention, a 
Cyclic Redundancy Check (CRC) generator 12. 
CRC generator 12 has an input coupled to docu- 
ment and/or other unit(s) of data provided by a first 
30 party desiring to authenticate the unit(s) of data. 
The data units may be provided from, by example, 
a communications network, from a mass storage 
device ouch as a disk, or directly from the memory 
of a data processing unit. Further in accordance 
35 with an aspect of the invention the input data units 
may be image data provided from a scanner such 
as that associated with a facsimile device or a hand 
held document scanner. In general, the invention 
may be employed to authenticate any type of digi- 
40 tal data units wherein a data unit may comprise 
from one or more bits of data to some arbitrarily 
large number of data bytes or words. The output of 
the CRC generator 12 is CRC data that is gen- 
erated by any one of a number of known types of 
45 CRC methods. One advantage of providing the 
input data unit to the CRC generator 12 is that the 
possibly large amount of input data is reduced to a 
relatively few bytes of CRC data, thereby providing 
for efficiencies in storage, 
so In this regard it should be noted that other than 

CRC generation methods can be employed much 
as calculating a check sum of the input data or 
performing one or two dimensional parity genera- 
tion on the input data. By example, checksum or 
55 parity information can be generated for each line of 
characters associated with a document. Alternative- 
ly, such information can be generated for the entire 
document instead of on a line-by-line basis. In 
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general, any suitable method may be employed 
that generates a second unit of data from a first 
unit of data wherein the second unit of data is 
expressive of an information content of the first unit 
of data. 

Electronic notary 10 also includes a time gen- 
eration device 14 that, in accordance with the in- 
vention, is a secured device such that the first 
party is unable to set, reset, or otherwise modify 
the time-related content thereof. 

In accordance with an embodiment of the in- 
vention electronic notary 10 is provided by a sec- 
ond party for use by the first party. Only the 
second party has a capability to alter the time 
maintained by the time generating device 14. As a 
result, when the first party provides document 
and/or other data to the electronic notary 10 for 
notarization the first party is unable to modify in 
any way the date and time maintained internally 
within the electronic notary 10. 

An encryption block 16 operates in accordance 
with any known type of encryption algorithm includ- 
ing, but not limited to, private key cryptography, 
such as DES. public key cryptography, such as 
RSA, or variants and combinations thereof. For 
example, the encryption device 16 can operate in 
accordance with electronic indicia algorithms such 
as those disclosed in a commonly assigned U.S. 
Patent No. 4,853,961, issued August 1, 1989 to 
Jose Pastor. 

The CRC information and the date and time 
information are input to the encryption device 16 
where this information is encrypted and is output 
from the electronic notary 10. This output data is 
referred to herein as an authentication string or 
packet. This output may be maintained by the first 
party and can be appended to the original docu- 
ment data and/or stored separately therefrom. The 
authentication string output from the electronic no- 
tary 10 may also be provided to the second party 
for storage. By example, this information can be 
provided electronically via a modem or other such 
device to a central repository of authentication 
string data maintained by the second party. 

Other information can be also provided, if de- 
sired, to be included with the encrypted authentica- 
tion string. For example, document-related data 
such as the title of the document, the author or 
authors of the document and other similar informa- 
tion can be provided separately from the document 
data and time data. Also, a "machine ID" that 
identifies the particular electronic notary, such as 
by a serial number, can also be provided to the 
encryption device 16 to be encrypted and included 
as part of the authentication string. These optional 
data inputs are shown as dashed input lines in the 
block diagram of Fig. 1 . 

Referring now to Fig. 2 there is shown in block 
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diagram form a presently preferred embodiment of 
a validation device 20 for validating a previously 
electronically notarized document or data. Device 
20 includes a decryption block 22 wherein the 
5 datalime stamped authentication string is provided. 
This block of data is that which was generated 
previously by the electronic notary 10 of Fig. 1. 
Device 20 further includes a CRC generator 24 that 
operates in accordance with the same CRC al- 
io gorithm as the CRC generator 12 of Fig. 1. The 
data to be validated is provided to this second 
CRC generator 24. In operation, the decryption 
device 22 decrypts in accordance with the key 
associated with the first party the input data to 
is provide therefrom the date/time information and the 
CRC information. The decrypted CRC information 
from block 22 is compared by a comparator 26 to 
the CRC information generated by CRC generator 
24. If the two CRCs are found to be identical it is 
20 indicated that the document data provided is iden- 
tical to that previously provided to the electronic 
notary 10 of Fig. i. Furthermore, the date and time 
information retrieved from the authentication string 
is the date and time that this data was applied to 
25 the electronic notary 10. As a result, the decrypting 
party determines that the data presented for valida- 
tion produces the same CRC data as the original 
data in addition to determining a date and time 
previously associated with the original data. 
30 Of course, if the authentication string data is 

originally generated by a checksum, parity genera- 
tion or other procedure block 24 implements the 
same procedure. In this case the comparator 26 
compares the checksums or parity bits to deter- 
35 mine if a match occurs. 

Although it is theoretically possible that the first 
party may break the encryption algorithm and 
forge, an authentication string for a particular docu- 
ment, the second party service may, as previously 
40 mentioned, have a permanent record of each au- 
thentication string issued by the notary 10. There- 
after, to successfully pass a verification test, the 
authentication string must not only generate a 
match between the proposed original document 
45 and the document presented for validation but the 
authentication string must also exist in storage 
within the second party's repository of authentica- 
tion strings. 

In such a two party system the authentication 
so string can also be transmitted along with the elec- 
tronic document. This permits the recipient to con- 
firm that the document is valid and unmodified 
from the time it was originally electronically nota- 
rized. Furthermore, if the authentication string is 
55 constructed in such a manner that it is unique to an 
originator, such as by having a unique encryption 
key, the recipient of the electronic document can 
demonstrate that the document has not been modi- 

4 
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fied and also that the document was indeed cre- 
ated by the sender. That is, the authentication 
string was encrypted with a key known to be asso- 
ciated with the sender. 

Referring to Fig. 3 there is shown in flowchart 
form a method of the invention. In block (a) there is 
provided a first data unit. In block (b) there is 
generated a second data unit from the first data 
unit The second data unit may be generated by 
CRC or other techniques as described above. Next, 
at block (c) information is generated with a secure 
time generation device, the information being ex- 
pressive typically of both a time and a date. Prefer- 
ably the time is expressed in Greenwich Mean 
Time (GMT) and reflects the actual time of day. 
The time may be generated to any desired accu- 
racy such as to a second or tenths or hundredths 
of a second. At block (d) the generated time and 
the second data unit are encrypted to provide an 
authentication string as shown in Fig. 1. This au- 
thentication string is thereafter stored for subse- 
quent retrieval and validation as required. 

Referring to Fig. 4a there is shown a method, 
in accordance with one embodiment of the inven- 
tion, for validating a previously electronically nota- 
rized data unit. At block (f) there is provided the 
encrypted second data unit including the time, that 
is, the previously generated authentication string. 
This authentication string is decrypted to provide a 
fourth data unit and the time associated with the 
second data unit. At block (h) there is provided a 
fifth data unit that is proportioned to be identical to 
the first data unit. At block (i) a sixth data unit is 
generated by the method used previously when 
generating the authentication string. At block (j) the 
fourth data unit and the sixth data unit are com- 
pared, such as by comparing the two CRCs. to 
determine if the CRC of the data unit to be vali- 
dated matches that previously presented. 

Referring to Fig. 4b there is shown a method, 
in accordance with another embodiment of the in- 
vention, for validating a previously electronically 
notarized data unit At block (f) a fifth unit of data 
is provided, the fifth unit of data purported to be 
identical to the first unit of data. At block (g') the 
fifth unit of data is converted to a sixth unit of data 
by a procedure identical to that employed to create 
the second data unit. At block (h*) a time purported 
to be the time associated with the third data unit, 
such as the time of creation, is combined with the 
sixth data unit in a predetermined manner, such as 
by appending the time indication to the sixth data 
unit. Next, at block (0, the sixth unit of data, 
including the purported time indication, is encryp- 
ted using a same procedure as that employed to 
generate the third data unit. Next, at block 0') the 
data string representing the encrypted sixth data 
unit and the purported time is compared to the 



third data unit. A match indicates that the purported 
time is valid. 

The invention may be embodied in hardware 
constructed with, for example, commercially avail- 
5 able CRC generators, time and date maintaining 
"calendar/clock" integrated circuits and encryption 
and decryption integrated circuits. Alternatively, the 
invention can be embodied solely in software ex- 
ecuted on a data processing system. Alternatively, 
70 the invention can be embodied in a combination of 
hardware and software. In any of the possible em- 
bodiments of the invention it is however a require- 
ment that the system date and time be secure from 
tampering and/or modification by the party that 
75 employs the apparatus and method of the invention 
to electronically notarize document or other data. 
Securing the time function can be achieved by a 
number of techniques including physically securing 
a calendar/clock electronic device within a tamper 
20 proof module having no external programming in- 
puts. Securing the time function can also be 
achieved by requiring the use of passwords to 
obtain access to a date and time function main- 
tained by software. Securing the time function can 
25 also be achieved by storing an encrypted clock 
value which can only be decrypted with a third 
party key. 

Although the use of the invention has been 
thus far primarily depicted in the context of elec- 
30 tronically stored document data it should be appar- 
ent that the data may originate from a number of 
possible sources. For example, a particular data 
unit may be single record from a database. By 
example, in a database that maintains information 
35 concerning employees of a corporation each data 
base record may relate to one employee. Each 
time that an employee's record is accessed and 
modified, such as to reflect an increase in salary, 
the modified record is applied to the electronic 
40 notary of Fig. 1 to provide an authentication string 
therefor. As a result, it can be readily detected if an 
employee's record has been inadvertently or inten- 
tionally modified at a time subsequent to the time 
that the record was believed to have been last 
45 modified. This teaching may also be employed to 
detect unauthorized modification to a computer file 
such as that caused by a "viral infection". 

The source of data may also be image data or 
the like. For example, a document or a graphics 
so image may be converted to electronic form and the 
image data -notarized* to associate a time and 
date therewith. 

Thus, it can be realized that the teaching of the 
invention is applicable to the authentication of a 
55 large number of different types of data originating 
from a wide variety of sources, ft should also be 
realized that certain steps of the method of the 
invention may be performed in other than the order 
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illustrated while still achieving the same result. As 
such, although the invention has been particularly 
shown and described with respect to preferred 
embodiments thereof, it will be understood by 
those skilled in the art that changes in form and 5 
details may be made therein without departing 
from the invention. 

Claims 

10 

1. A method of determining that a first unit of 
data associated with a first party has not been 
modified subsequent to a specified point in 
time, comprising the steps of: 

75 

providing the first unit of data; 

generating a second unit of data from the 
first unit of data, the second unit of data being 
expressive of an information content of the first 20 
unit of data; 

generating a first time indication for speci- 
fying a point in time, the first time indication 
being generated with time generation means 25 
having a time indication that cannot be 
changed by the first party; and 

encrypting the second unit of data and the 
generated first time indication to generate a 30 
third unit of data. 

2. A method as set forth in Claim 1 wherein the 
second unit of data is generated in accordance 

with a CRC generation procedure. 35 

3. A method as set forth in Claim 1 wherein the 
second unit of data is generated in accordance 
with a parity generation procedure. 

40 

4. A method as set forth in Claim 1 wherein the 
second unit of data is generated in accordance 
with a checksum generation procedure. 

5- A method as set forth in Claim 1, 2 or 3 45 
wherein the step of generating a first time 
indication generates a present date and a 
present time; and wherein the present time is 
optionally expressed in Greenwich Mean Time. 

50 

6. A method as set forth in any preceding Claim 
wherein the step of providing the first unit of 
data includes a step of providing one or more 
selected records from a data base. 

55 

7. A method as set forth in any preceding Claim 
wherein the step of providing the first unit of 
data includes a step of providing data expres- 



sive of an image, or data expressive of a 
document. 

8. A method as set forth in any preceding Claim 
wherein the step of encrypting is accomplished 
in accordance with an encryption procedure 
selected from the group consisting of public 
key encryption, private key encryption and 
variants and combinations thereof. 

9. A method as set forth in Claim 1 and further 
including a step of validating the first unit of 
data, the step of validating including the steps 
of: 

providing a purported third unit of data; 

decrypting the purported third unit of data 
to generate a fourth unit of data and also the 
previously generated first time indication there- 
from; 

providing a fifth unit of data purported to 
be identical to the first unit of data; 

generating a sixth unit of data from the 
fifth unit of data, the sixth unit of data being 
generated by a method identical to that em- 
ployed to generate the second unit of data; 
and 

comparing the fourth unit of data with the 
sixth unit of data to determine if they are the 
same. 

10. A method as set forth in Claim 1 and including 
a step of storing the third unit of data with 
storage means associated with a party other 
than the first party. 

11. A method as set forth in Claim 1 and further 
including a step of validating the first unit of 
data, the step of validating including the steps 
of: 

providing a fifth unit of data purported to 
be identical to the first unit of data; 

generating a sixth unit of data from the 
fifth unit of data, the sixth unit of data being 
generated by a method identical to that em- 
ployed to generate the second unit of data; 

associating a second time indication with 
the sixth unit of data, the associated second 
time indication purported to be identical to the 
first time indication; 
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encrypting the sixth unit of data, including 
the second time indication; and 

comparing the third data unit with the en- 
crypted sixth unit of data to determine if they s 
are the same. 

12. Apparatus for determining that a first unit of 
data associated with a first party has not been 
modified since a specified point in time, com- to 
prising: 

means for providing the first unit of data; 

means for generating a second unit of data is 
from the first unit of data, the second unit of 
data being expressive of an information con- 
tent of the first unit of data; 

means for generating a first time indication 20 
for specifying a point in time, the time genera- 
tion means having a time modifiable only by a 
party other than the first party; and 

means for encrypting the second unit of 25 
data and the generated time indication to gen- 
erate a third unit of data. 

13. Apparatus as set forth in Claim 12 wherein the 
second unit of data generating means gen- 30 
erates the second unit of data in accordance 

with a procedure selected from the group con- 
sisting of a CRC generation procedure, a parity 
generation procedure, a checksum generation 
procedure and variants and combinations 35 
thereof. 

14. Apparatus as set forth in Claim 12 or 13 
wherein the the time generating means gen- 
erates a current date and a current time. 40 

15. Apparatus as set forth in Claim 12 wherein the 
means for providing the first unit of data pro- 
vides either one or more selected records from 

a data base, or image data. 45 

16. Apparatus as set forth in Claim 12 wherein the 
means for providing the first unit of data in- 
cludes scanner means for scanning a surface 

and generating a digital representation thereof, 50 
the first unit of data being comprised of the 
digital representation of the surface. 

17. Apparatus as set forth in Claim 12 wherein the 
means for providing the first unit of data pro- as 
vides document data. 

1a Apparatus as set forth in Claim 12 wherein the 
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encrypting means comprises means selected 
from the group consisting of public key en- 
cryption means, private key encryption means 
and variants and combinations thereof. 

19. Apparatus as set forth in Claim 12 and further 
comprising means for validating the first unit of 
data, comprising: 

means for providing a purported third unit 
of data; 

means for decrypting the purported third 
unit of data to generate a fourth unit of data 
and also the previously generated first time 
indication therefrom; 

means for generating a sixth unit of data 
from a fifth unit of data purported to be iden- 
tical to the first unit of data; and 

means for comparing the fourth unit of 
data with the sixth unit of data to determine if 
they are the same. 

20. Apparatus as set forth in Claim 12 and further 
comprising means for validating the first unit of 
data, comprising: 

means for providing a fifth unit of data 
purported to be identical to the first unit of 
data; 

means for generating a sixth unit of data 
from the fifth unit of data, the sixth unit of data 
being generated by a method identical to that 
employed to generate the second unit of data; 

means for associating a second time in- 
dication with the sixth unit of data, the asso- 
ciated second time indication purported to be 
identical to the first time indication; 

means for encrypting the sixth unit of data, 
including the second time indication; and 

means for comparing the third data unit 
with the encrypted sixth unit of data to deter- 
mine if they are the same. 
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